Slide 1

Slide 1 text

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark.

openSUSE ALP prototype on AWS
Experimental, but fun!

Dominik Wombacher, Sr. Partner Solutions Architect

Slide 2

Slide 2 text

Session Agenda

- openSUSE ALP
- Building an AWS EC2 image on OBS
- From OBS to AWS AMI
- openSUSE ALP on AWS
- Q&A

Slide 3

Slide 3 text

Disclaimer: Unofficial and unsupported prototype

Slide 4

Slide 4 text

openSUSE ALP

Slide 5

Slide 5 text

Overview: What is the Adaptable Linux Platform?

- Lightweight base operating system
- Host OS and Application layer separated
- Immutable operating system
- Transactional updates
- Security focused

Slide 6

Slide 6 text

Technical highlights: What makes ALP different?

- Read-only root filesystem
- BTRFS Snapshots
- Zero touch configuration

Slide 7

Slide 7 text

Transactional updates demystified: Update an immutable operating system

Diagram: snapshot #1 (booted) → transactional-update up → new snapshot → zypper up → snapshot #2 → reboot → boot snapshot #2.

On failure, reboot into snapshot #1

Slide 8

Slide 8 text

Challenges: Climbing the ALP(s) isn't always easy

- Breaking changes
- Probably no in-place migration
- Applications as containers instead of RPMs

Slide 9

Slide 9 text

Building an AWS EC2 Image on Open Build Service

Slide 10

Slide 10 text

Amazon Machine Image: What is an AMI?

- Required to launch an Amazon EC2 Instance
- Contains one or more Amazon EBS snapshots
- Provided by AWS and 3rd parties
- Customize or build from scratch

Services shown: Amazon EC2 Image Builder, Amazon Elastic Compute Cloud (Amazon EC2)

Slide 11

Slide 11 text

Amazon Machine Image: AMI lifecycle

Diagram labels: Snapshot, AMI, AMI, Instance; actions: create, register, deregister, launch, copy

Slide 12

Slide 12 text

Open Build Service: OBS package lifecycle

Diagram labels: Workers, Repository; actions: commit, build, change, publish, checkout

Slide 13

Slide 13 text

OBS Package AWS EC2 AMI
Project: HOME:WOMBELIX:IMAGES:ALP:BEDROCK

- Based on SUSE ALP Bedrock 0.1
- Inspired by openSUSE Leap Cloud Images
- Branched packages: cloud-init, amazon-ssm-agent, flatpak
- Additional packages: aws-cli, cloud-netconfig-ec2, dhcp-client

Slide 14

Slide 14 text

OBS Package AWS EC2 AMI
Project: HOME:WOMBELIX:IMAGES:ALP:BEDROCK

- Overlay ec2-root: cloud-init config, chrony timeserver, kernel modules, udev rules, motd
- Overlay repos: branched packages, ALP Bedrock media
- Workaround for bug bsc#1211405: $arch (x86_64_v4), $basearch (x86_64)

Slide 15

Slide 15 text

From OBS to AWS AMI

Slide 16

Slide 16 text

From OBS to AWS AMI: Workflow

1) Download
2) Decompress
3) Upload to S3
4) Import
5) Register
6) Launch

Diagram labels: Workers, Repository (commit, build, publish); S3 Bucket (download, decompress, upload); Snapshot, AMI, Instance (import, register, launch)
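The six workflow steps on this slide, written out with the AWS CLI as an added example; it is not the presenter's automation. The image URL, bucket, AMI name, `.raw.xz` image format, instance type, the SHA-256 check before import and the IMDSv2-only registration are assumptions, as is an existing `vmimport` service role for `import-snapshot`.

```shell
#!/bin/sh
# Added example: OBS image -> S3 -> EBS snapshot -> AMI -> instance.
# URL, bucket, AMI name, image format and instance type are assumptions.
set -eu
IMAGE_URL="${IMAGE_URL:-https://example.invalid/alp-ec2.raw.xz}"  # placeholder
BUCKET="${BUCKET:-example-import-bucket}"                          # placeholder
AMI_NAME="${AMI_NAME:-alp-prototype}"                              # placeholder

# Succeeds only if the file's SHA-256 equals the expected hex digest.
verify_sha256() {  # $1=file  $2=expected digest
  printf '%s  %s\n' "$2" "$1" | sha256sum -c - >/dev/null 2>&1
}

# --disk-container value for `aws ec2 import-snapshot` (CLI shorthand).
disk_container() {  # $1=bucket  $2=key
  printf 'Format=RAW,UserBucket={S3Bucket=%s,S3Key=%s}' "$1" "$2"
}

# --block-device-mappings value for `aws ec2 register-image`.
root_mapping() {  # $1=snapshot id
  printf 'DeviceName=/dev/sda1,Ebs={SnapshotId=%s,VolumeType=gp3,DeleteOnTermination=true}' "$1"
}

publish_ami() {  # $1=expected SHA-256 of the downloaded file
  xz_file=$(basename "$IMAGE_URL"); raw_file=${xz_file%.xz}
  curl -fsSLo "$xz_file" "$IMAGE_URL"                      # 1) download
  verify_sha256 "$xz_file" "$1" || { echo "digest mismatch" >&2; return 1; }
  xz -d "$xz_file"                                         # 2) decompress
  aws s3 cp "$raw_file" "s3://$BUCKET/$raw_file"           # 3) upload to S3
  task=$(aws ec2 import-snapshot --description "$AMI_NAME" \
    --disk-container "$(disk_container "$BUCKET" "$raw_file")" \
    --query ImportTaskId --output text)                    # 4) import
  aws ec2 wait snapshot-imported --import-task-ids "$task"
  snap=$(aws ec2 describe-import-snapshot-tasks --import-task-ids "$task" \
    --query 'ImportSnapshotTasks[0].SnapshotTaskDetail.SnapshotId' --output text)
  ami=$(aws ec2 register-image --name "$AMI_NAME" --architecture x86_64 \
    --virtualization-type hvm --ena-support --root-device-name /dev/sda1 \
    --block-device-mappings "$(root_mapping "$snap")" \
    --imds-support v2.0 --query ImageId --output text)     # 5) register, IMDSv2 only
  aws ec2 run-instances --image-id "$ami" --instance-type t3.micro \
    --query 'Instances[0].InstanceId' --output text        # 6) launch
}

# Runs the pipeline only when called as: sh publish.sh --run <sha256>
if [ "${1:-}" = "--run" ]; then publish_ami "${2:?expected sha256 digest}"; fi
```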

Slide 17

Slide 17 text

From OBS to AWS AMI: Automation

Slide 18

Slide 18 text

From OBS to AWS AMI: Testing

AWS CodePipeline > AWS CodeBuild > Ansible

- Deploy
- Check
- Clean-up

Slide 19

Slide 19 text

openSUSE ALP on AWS

Slide 20

Slide 20 text

State of integration: How does openSUSE ALP interact with AWS services

- Customizing on boot via cloud-init
- Accessing metadata (IMDSv2)
- NTP 169.254.169.123
- DNS 169.254.169.253
- AWS CLI
- AWS Systems Manager: Run Command, Fleet Manager, Session Manager

Slide 21

Slide 21 text

Comparison to openSUSE Leap: openSUSE ALP differences, not just on AWS

- Not supported by AWS SSM
- SELinux in enforcing mode
- wicked replaced by NetworkManager
- Toolbox Container for debugging
- Pre-installed Salt minion and Cockpit
- BTRFS root filesystem
- Transactional updates
- NeuVector security scanning

Slide 22

Slide 22 text

Comparison to openSUSE Leap: SUSE NeuVector

Slide 23

Slide 23 text

Thank you!

Dominik Wombacher, Sr. Partner Solutions Architect

Please provide feedback: https://pulse.buildon.aws/survey/4L6DKGJG